Privacy Policy

1. Information We Collect

1.1 Account Information

When you create an account, we collect:

• Name
• Email address
• Company name
• Job title
• Secure password (stored encrypted)

1.2 Lease Document Data

When you upload and process lease documents through the Services, we collect and process:

• The full text content of uploaded lease documents
• Document metadata (file names, upload dates, file sizes)
• Extracted data including property information, tenant names, landlord names, lease terms, financial information, and other lease-related data
• User annotations, tags, comments, and custom field entries
• Chat history and queries related to specific documents

Important: Your lease documents and extracted data are used exclusively to provide the Services to you. We do not use your documents or data to train AI models, conduct analytics for other purposes, or share with any parties except as explicitly required to deliver the Services.

1.3 Technical Information

For security and service delivery purposes, we automatically collect minimal technical information:

• IP address (for security and fraud prevention)
• Browser type and version
• Access times and session duration
• Device type and operating system

This technical information is collected only to ensure service functionality, security, and to prevent unauthorized access. We do not use cookies or tracking technologies for analytics, marketing, or advertising purposes.

1.4 Communication Data

When you contact customer support or communicate with us, we collect the information you provide in those communications to respond to your inquiries and improve our service quality.

2. How We Use Your Information

We use the information we collect strictly for the following purposes related to providing the Services:

2.1 Service Delivery

• Process, analyze, and extract information from your lease documents
• Provide AI-powered lease abstraction and document analysis
• Enable portfolio research and comparative analysis features
• Deliver interactive document query and chat capabilities
• Store and organize your lease data and extracted information
• Generate custom reports and data exports

2.2 Account Management

• Create and manage your account
• Authenticate your identity and authorize access
• Manage your subscription and billing
• Respond to your inquiries and provide customer support

2.3 Service Communication

• Send critical service updates and security alerts
• Provide technical notices and system maintenance notifications
• Communicate policy updates and important account information
• Respond to support requests

2.4 Security and Legal Compliance

• Detect, prevent, and investigate fraud, security incidents, and unauthorized access
• Comply with legal obligations and enforce our Terms of Service
• Protect the rights, property, and safety of Prismera, our users, and the public
• Maintain system integrity and operational security

What We Do NOT Do With Your Data:

• Train or improve AI models using your lease documents or extracted data
• Use your data for marketing, advertising, or promotional purposes
• Conduct analytics on your data for purposes beyond service delivery
• Share your data with third parties except as strictly necessary for service operations (see Section 4)
• Sell, rent, or trade your personal information or lease data

3. Legal Basis for Processing (GDPR)

If you are located in the European Economic Area (EEA), United Kingdom, or Switzerland, we process your personal information based on the following legal grounds:

• Contract Performance: Processing necessary to perform our contract with you and provide the Services you requested.
• Legitimate Interests: Processing necessary for our legitimate business interests, such as maintaining service functionality, fraud prevention, and security, provided such interests are not overridden by your rights and interests.
• Legal Compliance: Processing necessary to comply with legal obligations to which we are subject.
• Consent: Where required by law, we process personal information based on your explicit consent, which you may withdraw at any time.

4. How We Share Your Information

We do not sell, rent, or trade your personal information. We share your information only in the following limited circumstances necessary to provide the Services:

4.1 Essential Service Providers

We share information with third-party service providers only as strictly necessary to deliver core service functionality. These providers are contractually obligated to use your information solely to provide their specific services to us and maintain appropriate security measures. They include:

• Cloud Infrastructure: Hosting and server infrastructure for secure data storage and application hosting
• AI Processing: AI and machine learning service providers for document analysis and natural language processing capabilities
• Database Services: Database providers for secure data storage and retrieval
• Authentication: Identity verification and authentication services for secure account access

Important Clarification: While these service providers process your data to enable core platform functionality (such as AI-powered document analysis), they do so under strict contractual terms that prohibit them from using your data for their own purposes, including training their models on your data. Your lease documents and business data remain confidential and are processed solely to deliver the Services to you.

4.2 Business Transfers

If Prismera is involved in a merger, acquisition, asset sale, bankruptcy, or other business transaction, your information may be transferred as part of that transaction. We will notify you of any such change in ownership or control of your personal information and ensure the acquiring party honors this Privacy Policy.

4.3 Legal Requirements

We may disclose your information only when required by law or when we believe in good faith that such disclosure is necessary to:

• Comply with legal obligations, court orders, subpoenas, or governmental requests
• Enforce our Terms of Service or investigate violations
• Protect the rights, property, or safety of Prismera, our users, or the public
• Detect, prevent, or investigate fraud, security incidents, or illegal activities

4.4 With Your Explicit Consent

We may share your information with third parties only when you explicitly provide consent for such specific sharing.

4.5 No Marketing or Analytics Sharing

We do not share your information with marketing platforms, advertising networks, third-party analytics providers (beyond what's strictly necessary for service functionality), or any other parties for purposes unrelated to delivering the Services to you.

5. Data Security

We implement industry-standard technical, administrative, and physical security measures designed to protect your information from unauthorized access, disclosure, alteration, and destruction. These measures include:

• Encryption of data in transit using TLS/SSL protocols
• Encryption of data at rest using AES-256 or equivalent
• Multi-factor authentication options for account access
• Regular security audits and vulnerability assessments
• Strict access controls and authentication mechanisms
• Employee training on data security and privacy best practices
• Incident response and breach notification procedures
• Regular backups and disaster recovery procedures
• Network security and intrusion detection systems

However, no method of transmission over the Internet or electronic storage is 100% secure. While we implement robust security measures and strive to protect your information, we cannot guarantee absolute security. You are responsible for maintaining the confidentiality of your account credentials and should immediately notify us of any unauthorized access to your account.

6. Data Retention

We retain your personal information only for as long as necessary to provide the Services to you and fulfill the purposes outlined in this Privacy Policy, unless a longer retention period is required or permitted by law.

6.1 Active Accounts

For active accounts, we retain your account information and lease document data for the duration of your subscription and as long as your account remains active. You maintain full control over your data and can delete documents or information at any time through your account.

6.2 Account Closure and Data Deletion

When you close your account or request deletion of your data, we will permanently delete your personal information and lease data within 90 days, except where retention is legally required for:

• Compliance with legal obligations (e.g., tax, accounting, or audit requirements)
• Resolving disputes and enforcing agreements
• Fraud prevention and security incident investigation
• Backup systems (subject to automatic deletion cycles, typically 90 days)

6.3 Data Minimization

We follow data minimization principles and periodically review and delete information that is no longer necessary for providing the Services or complying with legal obligations.

7. Your Privacy Rights

Depending on your location and applicable law, you have the following rights regarding your personal information:

7.1 Access and Portability

You have the right to access and obtain a copy of your personal information in a structured, commonly used, and machine-readable format. You can export your data at any time through your account settings or by contacting us.

7.2 Correction and Update

You have the right to correct inaccurate or incomplete personal information. You can update most information directly through your account settings.

7.3 Deletion

You have the right to request deletion of your personal information and lease data, subject to limited exceptions for legal compliance, fraud prevention, and legitimate business purposes. We will process deletion requests within 90 days.

7.4 Objection and Restriction

You have the right to object to or restrict certain processing of your personal information, including processing based on legitimate interests.

7.5 Withdrawal of Consent

Where processing is based on your consent, you have the right to withdraw consent at any time without affecting the lawfulness of processing before withdrawal.

7.6 Exercising Your Rights

To exercise any of these rights, please contact us at privacy@prismera.ai. We will respond to your request within the timeframe required by applicable law (typically 3 days). We may require verification of your identity before processing your request to ensure data security.

7.7 Right to Lodge a Complaint

If you are located in the EEA, UK, or Switzerland, you have the right to lodge a complaint with your local data protection authority if you believe we have violated your privacy rights.

8. International Data Transfers

Prismera is based in the United States. If you are accessing the Services from outside the United States, your information may be transferred to, stored, and processed in the United States and other countries where we or our service providers operate.

These countries may have data protection laws that differ from those in your country of residence. By using the Services, you consent to the transfer of your information to the United States and other countries where we operate.

For users in the EEA, UK, or Switzerland, we implement appropriate safeguards for international data transfers, including:

• Standard Contractual Clauses approved by the European Commission
• Adequacy decisions by the European Commission
• Other legally recognized transfer mechanisms

9. Children's Privacy

The Services are not directed to individuals under the age of 18, and we do not knowingly collect personal information from children. If we become aware that we have collected personal information from a child without parental consent, we will take immediate steps to delete such information.

If you believe we have collected information from a child, please contact us immediately at privacy@prismera.ai.

10. California Privacy Rights (CCPA)

If you are a California resident, you have specific rights under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA):

10.1 Right to Know

You have the right to request disclosure of the categories and specific pieces of personal information we have collected about you, the categories of sources, the business purposes for collection, and the categories of third parties with whom we share personal information.

10.2 Right to Delete

You have the right to request deletion of your personal information, subject to certain legal exceptions.

10.3 Right to Opt-Out of Sale or Sharing

We do not sell or share your personal information as defined by the CCPA/CPRA.

10.4 Right to Non-Discrimination

You have the right not to receive discriminatory treatment for exercising your CCPA/CPRA rights.

10.5 Authorized Agent

You may designate an authorized agent to make requests on your behalf. We may require verification of the agent's authority.

To exercise your CCPA/CPRA rights, contact us at privacy@prismera.ai. We will verify your identity before processing your request.

11. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes, we will:

• Update the "Last updated" date at the top of this Policy
• Provide prominent notice through the Services or by email notification
• Obtain your consent where required by applicable law
• Allow a reasonable period for you to review changes before they take effect

We encourage you to review this Privacy Policy periodically. Your continued use of the Services after the effective date of any changes constitutes acceptance of the updated Policy.

12. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our privacy practices, please contact us:

Prismera Labs, Inc.
Email: privacy@prismera.ai
Website: https://www.prismera.ai

For general inquiries: support@prismera.ai
For legal matters: legal@prismera.ai

We will respond to your inquiry as promptly as possible, typically within 3 days.